Support local managment for embedded agent on nginx

2025-09-29 19:24:26 +03:00 · 2022-11-13 13:29:35 +02:00
parent 8b01396eca
commit 1b4b7d17e0
406 changed files with 37980 additions and 35 deletions
--- a/nodes/orchestration/package/local-default-policy.yaml
+++ b/nodes/orchestration/package/local-default-policy.yaml
@@ -0,0 +1,85 @@
+policies:
+  default:
+    triggers:
+    - appsec-default-log-trigger
+    mode: detect-learn
+    practices:
+    - webapp-default-practice
+    source-identifiers:
+    trusted-sources:
+    custom-response: appsec-default-web-user-response
+    exceptions:
+  specific-rules:
+  - host: "*"
+    triggers:
+    - appsec-default-log-trigger
+    mode: detect-learn
+    practices:
+    - webapp-default-practice
+    source-identifiers:
+    trusted-sources:
+    custom-response: appsec-default-web-user-response
+    exceptions:
+
+practices:
+  - name: webapp-default-practice
+    openapi-schema-validation:
+      configmap: []
+      override-mode: detect-learn
+    snort-signatures:
+      configmap: []
+      override-mode: detect-learn
+    web-attacks:
+      max-body-size-kb: 1000000
+      max-header-size-bytes: 102400
+      max-object-depth: 40
+      max-url-size-bytes: 32768
+      minimum-confidence: Transparent
+      override-mode: detect-learn
+      protections:
+        csrf-protection: detect-learn
+        error-disclosure: detect-learn
+        non-valid-http-methods: true
+        open-redirect: detect-learn
+    anti-bot:
+      injected-URIs: []
+      validated-URIs: []
+      override-mode: detect-learn
+
+logtriggers:
+  - name: appsec-default-log-trigger
+    access-control-logging:
+      allow-events: false
+      drop-events: true
+    additional-suspicious-events-logging:
+      enabled: true
+      minimum-severity: high
+      response-body: false
+    appsec-logging:
+      all-web-requests: false
+      detect-events: true
+      prevent-events: true
+    extended-logging:
+      http-headers: false
+      request-body: false
+      url-path: false
+      url-query: false
+    log-destination:
+      cloud: false
+      file:
+      stdout:
+        format: json-formatted
+      syslog-service:
+      cef-service:
+
+customresponses:
+  - name: appsec-default-web-user-response
+    mode: response-code-only
+    http-response-code: 403
+    message-title: This is the best title ever
+    message-body: Look at this body
+
+exceptions:
+trustedsources:
+sourceidentifiers:
+